Lucene search
+L

21 matches found

euvd
euvd
added 2026/07/03 6:15 a.m.10 views

EUVD-2026-41507

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

6AI score0.0061EPSS
Exploits1References3
cve
cve
added 2026/06/25 9:15 p.m.40 views

CVE-2026-11703

The CVE-2026-11703 entry describes a vulnerability in stateful (session-ID) TLS resumption where missing SNI/ALPN binding allowed a cached session to be resumed under a different SNI/ALPN than originally negotiated. The root cause is the absence of binding checks for stateful resumption paths, wh...

7.5CVSS5.9AI score0.0021EPSS
Exploits0References2Affected Software1
metasploit
metasploit
added 2026/04/02 7:2 p.m.130 views

HTTP Fetch, Hidden Bind Ipknock TCP Stager

Fetch and execute an x86 payload from an HTTP server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The socke...

5.9AI score
Exploits0
metasploit
metasploit
added 2026/04/02 7:2 p.m.165 views

HTTPS Fetch, Hidden Bind Ipknock TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The sock...

6AI score
Exploits0
fedora
fedora
added 2026/02/26 12:56 a.m.10 views

[SECURITY] Fedora 42 Update: munge-0.5.18-1.fc42

MUNGE MUNGE Uid 'N' Gid Emporium is an authentication service for creating and validating credentials. It is designed to be highly scalable for use in an HPC cluster environment. It allows a process to authenticate the UID and GID of another local or remote process within a group of hosts having...

7.8CVSS6AI score0.00302EPSS
Exploits0
redhatcve
redhatcve
added 2026/01/18 11:20 a.m.9 views

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

5.3CVSS6.9AI score0.00457EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/11/07 12:0 a.m.4 views

curl 安全漏洞

curl is a cURL open source tool for transferring data from or to a server. A security vulnerability exists in curl that stems from the lack of a host authentication mechanism when SFTP uses the wolfSSH backend, which could lead to a man-in-the-middle attack...

4.3CVSS5.5AI score0.0039EPSS
Exploits1References6
redhatcve
redhatcve
added 2025/10/22 2:11 p.m.5 views

CVE-2025-11625

Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials...

9.8CVSS7.1AI score0.00413EPSS
Exploits0References1
euvd
euvd
added 2025/10/21 3:30 p.m.7 views

EUVD-2025-35174

Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials...

9.4CVSS6.5AI score0.00413EPSS
Exploits0References2
nvd
nvd
added 2025/10/21 2:15 p.m.6 views

CVE-2025-11625

Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials...

9.8CVSS0.00413EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/10/21 1:25 p.m.9 views

CVE-2025-11625 Host verification bypass and credential leak

Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials...

9.4CVSS6.7AI score0.00413EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/10/21 12:0 a.m.5 views

wolfSSH 安全漏洞

wolfSSH is a small, fast, and portable SSH implementation of wolfSSL open source, including support for SCP and SFTP. A security vulnerability exists in wolfSSH 1.4.20 and earlier versions that stems from improper host authentication and could lead to authentication bypass and client credential...

9.8CVSS6.8AI score0.00413EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/08/16 3:26 p.m.7 views

CVE-2025-8964

A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostelmanage.exe of the component Login. The manipulation leads to improper authentication. It is possible to launch the attack on the local host. The exploit has been disclosed ...

7.8CVSS7AI score0.0026EPSS
Exploits1References1
cnnvd
cnnvd
added 2024/09/26 12:0 a.m.7 views

HashiCorp Vault Enterprise和HashiCorp Vault Community Edition 安全漏洞

HashiCorp Vault Enterprise and HashiCorp Vault Community Edition are both products of HashiCorp, Inc. of the U.S.A. HashiCorp Vault Enterprise is an enterprise information archiving platform.HashiCorp Vault HashiCorp Vault Enterprise is an enterprise information archiving platform, and HashiCorp...

8.8CVSS7.6AI score0.00269EPSS
Exploits0References3
osv
osv
added 2023/09/15 11:5 a.m.6 views

OESA-2023-1629 open-vm-tools security update

The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...

7.5CVSS6.8AI score0.13638EPSS
Exploits0References3
osv
osv
added 2023/09/15 11:5 a.m.3 views

OESA-2023-1631 open-vm-tools security update

The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...

7.5CVSS6.8AI score0.13638EPSS
Exploits0References3
pentestlab
pentestlab
added 2021/10/20 8:3 a.m.19 views

Lateral Movement – WebClient

Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation… Continue reading - Lateral Movement - WebClient...

3.3AI score
Exploits0
nessus
nessus
added 2019/01/03 12:0 a.m.14 views

Fedora 28 : prosody (2018-18f8c6ce79)

Prosody 0.10.2 ============== See upstream's blog post at https://blog.prosody.im/prosody-0-10-2-security-release/ for a full overview of the release changes. Prosody 0.10.2 fixes a cross-host authentication vulnerability, CVE-2018-10847. The issue affects Prosody instances that have multiple...

8.8CVSS6.7AI score0.01657EPSS
Exploits0References3
wallarmlab
wallarmlab
added 2017/09/12 7:29 p.m.29 views

Top-5 stupid security mistakes in web apps

by Ivan Novikov Image by Byseyhanla Own work CC BY-SA 4.0, article re-posted from In this blog entry, I will summarize some commonly overlooked issues which have been affecting many web projects for the last 5 years. All of them are obvious and super predictable and could be used be script kiddie...

6.5AI score
Exploits0
exploitpack
exploitpack
added 2016/11/06 12:0 a.m.61 views

SweetRice 1.5.1 - Arbitrary File Upload

SweetRice 1.5.1 - Arbitrary File Upload /usr/bin/python -- Coding: utf-8 -- Exploit Title: SweetRice 1.5.1 - Unrestricted File Upload Exploit Author: Ashiyane Digital Security Team Date: 03-11-2016 Vendor: http://www.basic-cms.org/ Software Link:...

0.1AI score
Exploits0
Rows per page
Query Builder